NTA Monitor

Latest News

Will IE6 be the next NT4?

1st October 2009 All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event. Read More

One in four web applications susceptible to high risk security flaws

7th September 2009 NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue... Read More

Organisations facing a changing threat landscape

20th July 2009 According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise... Read More

The Return of the Insider Threat

1st July 2009 When NTA started security testing twelve years ago, the main focus was on the insider threat. There were many reports with statistics showing that most security breaches were due to insiders. By contrast there was very little focus on the external threat via Internet and third-party network links. Back then many companies did not even have a firewall. Read More

UK organisations' IT security improving

NTA Monitor's 2007 Annual Security Report has revealed that 32% of UK organisations tested had critical vulnerabilities that are widely known and actively exploited by hackers, compared to 61% in the 2006 report, indicating that companies have improved their security posture in the last year.

The report analyses data gathered from vulnerability tests conducted by NTA on UK companies in a wide range of industry sectors, including charities, education, finance, government, IT, law and retail.

Although the number of tests exposing vulnerabilities that may enable external users to gain unauthorised system access or disrupt service availability has almost halved, the picture is not bright for everyone. Whilst improvements in overall security have been achieved by most industry sectors, publishing and finance have seen an increase in the average number of vulnerabilities found per test. For financial institutions, the average number of risks increased by 16% year on year, whilst publishing saw an increase of 28%.

Roy Hills, Technical Director at NTA Monitor, says: "There are a variety of ways of causing Denial of Service attacks, one of which occurs when a server is bombarded with more information than it can handle, resulting in legitimate users being unable to access or use the network. Other security flaws that our testing discovered could permit hackers to gain entry to corporate networks and change users' passwords or delete files, which could wreak corporate havoc."

Of the 10 most commonly occurring critical vulnerabilities, seven were found in last year's report, indicating that these same issues continue to take their toll. All of the top 10 high risk flaws are associated with services that are being made available to Internet users, demonstrating that with increased functionality comes the threat of reduced security.

NTA Monitor recommends that companies apply the following recommendations to raise awareness and minimise their exposure to IT security risks:

Stay up to date on the latest vulnerabilities and apply patches and updates as soon as they become available
Allocate sufficient management time, focus and control to ensure that preventative actions are carried out on an ongoing basis
Involve and educate staff on Internet security issues
Have a clear and up to date security policy. Publicise and update it regularly

A copy of the NTA Monitor Annual Security Report 2007 is available on request from NTA Monitor. Call 01634 721855 and ask for Sarah Turner or email marketing@nta-monitor.com

This article was first released on: 14th May 2007